<?php
// $Id$

/**
 * Controller_Userlog 控制器
 */
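/**
 * Controller_Userlog — login / logout for teachers and special (editor/master) accounts.
 *
 * Session keys written here (read elsewhere in the application):
 *   lrole    410 = not logged in, 420 = teacher, 430 = special user   // lrole => 'login_role'
 *   lrole_id role id of the matched account (or 1 for the master account, -1 after logout)
 *   lname    login name (teachers only)
 *   tid      teacher_id (teachers only)
 *   notice   HTML snippet shown to the user
 */
class Controller_Userlog extends Controller_Abstract
{
    /**
     * Login: decide the permission level (lrole) and role (lrole_id) from the POSTed credentials.
     *
     * Order of checks: teacher account (Login), then special account (SLogin), then the
     * hard-coded master account, otherwise lrole 410 with an error notice.
     * Always ends with a redirect back to the (validated) referer.
     */
    public function actionLogin()
    {
        // NOTE: for a teacher the role value is 4; the alumni association still needs consideration.
        if (!empty($_POST))
        {
            // Only plain strings are acceptable; a missing field or an array (cib_usr[]=x) is treated as empty.
            $Pcib_usr = (isset($_POST['cib_usr']) && is_string($_POST['cib_usr'])) ? $_POST['cib_usr'] : '';
            $Pcib_pwd = (isset($_POST['cib_pwd']) && is_string($_POST['cib_pwd'])) ? $_POST['cib_pwd'] : '';

            /**
             * CIB::_SQL_filter() returns 0 or 1 and filters its argument in place (by reference),
             * so it must never be written as $Pcib_usr = CIB::_SQL_filter($Pcib_usr) —
             * that would turn both values into 1. The queries below are parameterised anyway;
             * the filter is kept for consistency with the rest of the application.
             */
            CIB::_SQL_filter($Pcib_usr);
            CIB::_SQL_filter($Pcib_pwd);

            /**
             * Teacher login (Login, role 4. cib_teacher).
             *
             * Both columns are always matched. The previous special case for the default
             * password '0000' looked the account up by username only, so anyone who knew a
             * username could log in as that teacher with "0000" whatever the stored password was.
             * '0000' now only changes the notice (prompt to change the default password).
             */
            $cib_login = null;
            if ($Pcib_usr !== '')
            {
                $cib_login = Login::find('cib_usr = ? AND cib_pwd = ?', $Pcib_usr, $Pcib_pwd)->query();
            }
            $teacher_id = is_object($cib_login) ? $cib_login->teacher_id : '';

            if ($teacher_id != '')
            {
                // Privilege level changes: issue a fresh session id so a pre-login id cannot be fixated.
                $this->_regenerateSession();
                $_SESSION['lrole']    = 420;                             // lrole => 'login_role'
                $_SESSION['lrole_id'] = $cib_login->role_id;
                $_SESSION['lname']    = $cib_login->cib_usr;
                $_SESSION['tid']      = $teacher_id;
                if ($Pcib_pwd === '0000')
                {
                    $_SESSION['notice'] = '您已登录，<a class="edit" href="'.url('bohome/changepassword').'">点此修改密码</a>';
                }
                else
                {
                    $_SESSION['notice'] = '已登录';
                }
            }
            else
            {
                $this->_loginSpecial($Pcib_usr, $Pcib_pwd);
            }
        }

        // Never redirect to a raw Referer header: it is client-controlled (open redirect).
        return $this->_redirect($this->_localReferer('/home/index'));
    }

    /**
     * Logout: reset the role values (role_id = -1) and drop the login identity from the session.
     */
    public function actionLogout()
    {
        $_SESSION['lrole']    = 410;
        $_SESSION['notice']   = '已登出,<a href="'.url('SiteInfo').'">使用帮助</a>';
        $_SESSION['lrole_id'] = -1;
        $_SESSION['lname']    = -1;
        $_SESSION['srole']    = -1;
        // tid was set at login but never cleared before; a stale teacher id must not survive logout.
        $_SESSION['tid']      = -1;
        // New session id on logout so the old id cannot be replayed after the privilege drop.
        $this->_regenerateSession();

        $referer = $this->_localReferer('/home/index');

        /**
         * Logout triggered from the back office ("bo..." routes): go to the front-page index.
         * NOTE(review): the substring test also matches any front-office URL containing "bo";
         * kept because the routing scheme is not visible here.
         */
        if (strpos($referer, 'bo') !== false)
        {
            return $this->_redirect('/home/index');
        }

        /**
         * Otherwise the logout came from the front office: return to where the user was.
         */
        return $this->_redirect($referer);
    }

    /**
     * Login for accounts with special permissions (SLogin), falling back to the master account,
     * then to "not logged in" (lrole 410) with an error notice.
     *
     * Special roles: 1. cib_master, 2. cib_news_editor, 3. cib_file_editor,
     * 5. cib_research_editor, 6. cib_all_editor.
     *
     * @param string $usr filtered login name (may be '')
     * @param string $pwd filtered password
     */
    private function _loginSpecial($usr, $pwd)
    {
        $cib_slogin = null;
        if ($usr !== '')
        {
            $cib_slogin = SLogin::find('cib_usr = ? AND cib_pwd = ?', $usr, $pwd)->query();
        }
        $role_id = is_object($cib_slogin) ? $cib_slogin->role_id : '';

        if ($role_id != '')
        {
            $this->_regenerateSession();
            $_SESSION['lrole']    = 430;
            $_SESSION['lrole_id'] = $role_id;
            $_SESSION['notice']   = '特殊用户已登录';
        }
        elseif ($usr === 'WEBMASTEROFSISUCIB2009' && $pwd === 'PLEASELETMEPASS')
        {
            // Highest-privilege account used to manage site settings (boapp/setapp).
            // SECURITY: these credentials are hard-coded in source and bypass the SLogin table,
            // so anyone with read access to the code base has master access. Kept only for
            // compatibility; move this account into SLogin (or deployment-specific configuration)
            // and delete this branch.
            $this->_regenerateSession();
            $_SESSION['lrole']    = 430;
            $_SESSION['lrole_id'] = 1;
            $_SESSION['notice']   = '管理员已登录';
        }
        else
        {
            $_SESSION['lrole']  = 410;
            $_SESSION['notice'] = '用户名或密码错,<a href="'.url('SiteInfo').'">使用帮助</a>';
        }
    }

    /**
     * Issue a new session id (discarding the old one) whenever the privilege level changes.
     * No-op when no session is active, so it cannot emit a warning in that case.
     */
    private function _regenerateSession()
    {
        if (session_id() !== '')
        {
            session_regenerate_id(true);
        }
    }

    /**
     * Return HTTP_REFERER only when it points back to this site, otherwise $fallback.
     *
     * The Referer header is supplied by the client, so redirecting to it unchecked is an open
     * redirect. Accepted: an http(s) URL whose host[:port] equals HTTP_HOST, or a site-relative
     * path starting with "/" ("//host/…" parses as having a host and is checked like one).
     * Rejected: other schemes (javascript:, data:, …), backslashes and CR/LF (header-splitting and
     * "/\host" tricks), unparsable values, missing header.
     *
     * @param string $fallback path used when the referer is absent or foreign
     * @return string
     */
    private function _localReferer($fallback)
    {
        if (!isset($_SERVER['HTTP_REFERER']) || !is_string($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] === '')
        {
            return $fallback;
        }
        $referer = $_SERVER['HTTP_REFERER'];

        if (strpos($referer, '\\') !== false || strpos($referer, "\r") !== false || strpos($referer, "\n") !== false)
        {
            return $fallback;
        }

        $parts = parse_url($referer);
        if ($parts === false)
        {
            return $fallback;
        }

        if (isset($parts['scheme']))
        {
            $scheme = strtolower($parts['scheme']);
            if ($scheme !== 'http' && $scheme !== 'https')
            {
                return $fallback;
            }
        }

        if (isset($parts['host']))
        {
            $ownHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
            $refHost = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
            return (strcasecmp($refHost, $ownHost) === 0) ? $referer : $fallback;
        }

        // No host component: only a site-relative path is acceptable.
        return ($referer[0] === '/') ? $referer : $fallback;
    }
}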